Transcript CYBEROAM

Cyberoam - Unified Threat Management
Cyberoam Endpoint Data Protection
Cyberoam - Endpoint Data Protection
© Copyright 2010 Elitecore Technologies Ltd. All Rights Reserved.
Agenda of Presentation
• EPDP Components
• Licensing
• Product Walk-Thru
EPDP Components
o EPDP Server
Recommended Hardware: Pentium IV 2GHZ/512MB Memory/50GB HDD space
Database: SQL Server 2000 SP4 or above / SQL Server 2005 SP1 or above / MSDE SP4 / SQL Server 2005 Express
OS: Win2000 SP4/XP SP2/2003 SP1/Vista & Win 7 (32-bit)
HDD capacity requirement formula
– Avg. log size: 5MB/User (8 hours)
– Example: Logging enabled for 400 users for 2 weeks: (400u*5MB)*14days = 28GB minimum reserved free HDD space.
EPDP Components (cont..)
o EPDP Console
Recommended Hardware: Pentium III 1GHZ/256MB Memory/4 GB HDD space
Database: NA
OS: Win2000 SP4/XP/2003/2008/Vista & Win 7 (32-bit)
o EPDP Agent
Recommended Hardware: Pentium III 500 MHZ/128MB Memory/1 GB HDD space
Database: NA
OS: Win 2000/XP/2003/2008/Vista & Win 7 (32-bit)
Licensing Modules
1. Device Management
o Access policy for storage devices, communication devices, dialup connection, USB device, network devices etc.
2. Application Control
o Application access policy for virtually any application residing on a user’s machine.
3. Asset Management
o Inventory management.
o Patch management.
o Vulnerability management.
o Remote software deployment.
Licensing Modules (cont..)
4. Data Protection & Encryption
o Document Control.
o Encryption over Removable Devices.
o Email Control.
o IM Control.
o Printer Control.
o Shadow Copy.
Note: Pricing is based on per user licensing.
Agent Installation methods
Direct Installation: Manual installation of agent using “agent install generator”.
Remote Installer: Push agents on user’s machine using inbuilt remote installer utility. Admin access to the machine required.
Logon Script Implementation: Push agents from domain controller using login scripts.
Product Walk-Through
Console Login & Dashboard
Role based administration
Computer/User level policies
Computer level policies are applicable to all users logging in from the computer.
o Cyberoam EPDP scans all the user logins once a computer is visible in the console.
o All the users will then be visible in the ‘Users’ tab.
o Admin can assign different policies for each user logging in from the same machine.
o Some features are not available in user based policies.
Default Policy
• Logging is enabled by default for everyone.
Sample Events Log
Logging of basic events along with time stamps
o system startup/shutdown
o login/logoff
o dialups
o patches applied
o software deployed.
Application logs showing application name, start/stop time along with time stamps.
Sample Events Log (cont..)
Logs creating, accessing, modifying, renaming, copying, moving, deleting, restoring, uploading of documents over fixed disk, floppy disk, CD-ROM, removable & network disks.
Logging of shared resources accessed on the computer by other users/computers.
Sample Events Log (cont..)
Logs showing all documents, images printed along with the printer used (i.e. local, network, shared or virtual) & the time stamp.
Logging of removable storage plugged in/out on the computer.
Sample Events Log (cont..)
Hardware & Software change log.
Audit Log
Cyberoam EPDP records the policy changes made at the computer/user level, group level or at the network level.
Monitoring Logs (Instant Message)
Logs chat conversations of various messengers like Yahoo, MSN, ICQ, QQ, Skype etc.
Instant Messaging (IM) Logs
• Chat conversation logs
• File upload, download
• Search on
  o Content of chat conversation
  o UserId/Nickname
Monitoring Logs (Emails)
Logs incoming/outgoing SMTP, POP3, Exchange emails & outgoing Lotus, Webmail emails.
Email logs
• Email content, attachment
• Protocols: SMTP/POP3
• Applications: Exchange, Lotus Notes
• Webmail: Hotmail, Yahoo Mail
• Search email by
  o Application, sender/recipient
  o Subject & Attachment: File name, extension, size
Basic Policy
1. Basic
The administrator can regulate the computer operation rights of a user. This keeps end users from easily changing system settings and prevents them from performing malicious activity.
Basic Policy
2. Device control policy
Allows the administrator to block storage, communication, dial in, USB & network level devices.
Basic Policy
3. Application control policy
Allows the administrator to limit the use of unwanted applications.
Application grouping: Tools → Classes Management → Applications
Advanced Policy
1. Email Policy
Email policy prevents data leakage via email. It can control outgoing emails based on sender, recipient, subject line, attachment type, size etc.
Advanced Policy
2. IM File
IM policy is used to control the communications over instant messengers. The administrator can monitor/control files transferred via IM, preventing data leakage through IM channels.
2. IM File (cont..)
Monitoring files by taking a backup of the files transferred over IM.
Advanced Policy
3. Printing Policy
Printing policy is used to control the use of different kinds of printers such as local, shared, network and virtual printers to prevent information leakage.
[Screenshot captions]
o Printing policy to allow access to network printer only.
o Block access to all printers.
o Enable ‘Record Mode’ to log the image or doc that is being printed.
o All recorded images can be viewed from Event Logs → Printing.
Advanced Policy
4. Removable storage policy
To prevent information leakage through removable devices, the system administrator can apply a removable-storage policy and assign different rights to removable storage devices. Files can also be encrypted when they are written to removable storage, so that only authorized agents can decrypt them.
Removable storage grouping: Tools → Classes Management → Applications
Advanced Policy
4. Removable storage policy (Encryption)
The files can be encrypted when writing to removable storage; only authorized agents can decrypt the files.
[Screenshot captions]
o Original file to be copied to the USB
o Contents of the encrypted file when opened from the USB
Advanced Policy
4. Removable storage policy (Disk Encryption)
To prevent data leakage through removable storage, one can encrypt the entire USB disk. Thereafter, any files copied to the USB would be encrypted. Only authorized agents with ‘decrypt when reading’ rights would be able to view the original content.
Removable storage grouping: Tools → Classes Management → Removable Storage
For Disk Encryption plug the USB on the Cyberoam EPDP Server
Asset Management
1. Asset Management
Cyberoam’s Asset Management module for Windows enables organizations to simplify tracking of their hardware and software asset location, configuration, version tracking, and historical information, allowing streamlined IT infrastructure management.
Asset Management
2. Patch Management
The Endpoint Data Protection solution frequently checks for Windows operating system patches. When a patch is found, it automatically downloads, distributes, and installs it on the machines on which the agents are installed.
Asset Management
3. Vulnerability Management
The vulnerability check function automatically scans the internal network computers and analyzes the results to help the system administrator check and trace vulnerability problems. Follow the resulting suggestions to take timely response measures and enhance the security of all internal computers.
Asset Management
4. Deployment Management
The system administrator can install software, run an application, and deploy files to agents through the Endpoint Data Protection console. Software can be installed on an agent by simply creating a deploy task.
Thank You